Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » ASUS PATCHES DRIVERHUB RCE DISTRUCTIONS OPERATED THROUGH HTTP AND CONTROL .INI FILE
Global Security

ASUS PATCHES DRIVERHUB RCE DISTRUCTIONS OPERATED THROUGH HTTP AND CONTROL .INI FILE

AdminBy AdminMay 12, 2025No Comments3 Mins Read
ASUS Patches DriverHub RCE Flaws
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


May 12, 2025.Red LakshmananVulnerability / safety of the final points

ASUS PATCHES DRIVERHUB RCE DIFFERENTS

ASUS released updates to address two security deficiencies that affect the ASUS DriverHub, which, if successfully used, can allow the attacker to use the software to achieve the remote execution of the code.

Driver This is a tool designed to automatically detect a computer’s maternity board model and displaying the necessary drivers updates for subsequent installation by communication with A with A with A A highlighted site Located in “DriverHub.Asus (.) Com.”

Disadvantages found in the software given below –

  • Cve-2025-3462 (CVSS Assessment: 8.4) – Vulnerability of Error Verification, which can allow unauthorized sources to interact with software features using the developed HTTP requests
  • Cve-2025-3463 (CVSS Assessment: 9.4) – Incorrect Certificate Valmation, which can allow unreliable sources to affect the system behavior using the developed HTTP requests

The Mrubra’s security researcher, which is attributed to the identification and report on two vulnerabilities, said they could be used to achieve the remote code implementation as part of the attack on one click.

Cybersecurity

The attack network essentially includes the deception of the unsuspecting user for visiting DriverHub.Asus (.) Com (eg DriverHub.Asus.com..com) and then using the UPDATEAP DriverHub final point to execute the legitimate version of Binarium “Asussetup.exe” with the option to run any file located in a fake domain.

“When performing asussetup.exe, he first reads with asussetup.ini, which contains metadata about the driver,” the researcher interpret In a technical report.

“If you run asussetup.exe with the flag -s (DriverHub calls it using it to make a silent installation), it will perform everything shown in Silentinstallrun. In this case, the Ini file determines the CMD scenario that performs an automated driver installation, but it can start everything.”

All the attacker needs to successfully pull out the operation – this is the creation of the domain and place three files, the harmful useful load that will be launched, the modified version of asussetup.ini, which has the “Silentinstallrun”, installed in malicious binary and asussetup.exe.

Following the responsible disclosure of information on April 8, 2025, the questions were recorded on May 9. There is no evidence that vulnerabilities were used in the wild.

“This update includes important security updates, and ASUS strongly recommends users to update the Asus DriverHub installation to the latest version,” the company – Note In the newsletter. “The latest software update can be obtained by opening the Asus DriverHub by clicking the” Update “button.

Found this article interesting? Keep track of us further Youter  and LinkedIn To read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025

Packages malicious Pypi, NPM and Rubin

June 4, 2025

HPE releases security patch for Storeonce error, which allows by -by -distance authentication

June 4, 2025

Fake Docusign, Gitcode Sites Distributed Netsupport Rat Through Multiple Attack PowerShell

June 3, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025

Packages malicious Pypi, NPM and Rubin

June 4, 2025

HPE releases security patch for Storeonce error, which allows by -by -distance authentication

June 4, 2025

Fake Docusign, Gitcode Sites Distributed Netsupport Rat Through Multiple Attack PowerShell

June 3, 2025

Critical 10-year Error Webmail RoundCube allows users to run the malicious code

June 3, 2025

Understanding the scammers and how to defend their organization

June 3, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.